-
Notifications
You must be signed in to change notification settings - Fork 374
/
antrea-agent.conf
59 lines (49 loc) · 2.49 KB
/
antrea-agent.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# FeatureGates is a map of feature names to bools that enable or disable experimental features.
featureGates:
# Enable running agent on an unmanaged VM/BM.
ExternalNode: true
# Enable Antrea ClusterNetworkPolicy feature to complement K8s NetworkPolicy for cluster admins
# to define security policies which apply to the entire cluster, and Antrea NetworkPolicy
# feature that supports priorities, rule actions and externalEntities in the future.
AntreaPolicy: true
# Enable collecting and exposing NetworkPolicy statistics.
NetworkPolicyStats: true
# Name of the OpenVSwitch bridge antrea-agent will create and use.
# Make sure it doesn't conflict with your existing OpenVSwitch bridges.
#ovsBridge: br-int
# Datapath type to use for the OpenVSwitch bridge created by Antrea. Supported values are:
# - system
# - netdev
# 'system' is the default value and corresponds to the kernel datapath. Use 'netdev' to run
# OVS in userspace mode (not fully supported yet). Userspace mode requires the tun device driver to
# be available.
#ovsDatapathType: system
# The port for the antrea-agent APIServer to serve on.
# Note that if it's set to another value, the `containerPort` of the `api` port of the
# `antrea-agent` container must be set to the same value.
#apiPort: 10350
# NodeType is type of the Node where Antrea Agent is running.
# Defaults to "k8sNode". Valid values include "k8sNode", and "externalNode".
nodeType: externalNode
externalNode:
# The expected Namespace in which the ExternalNode is created.
# Defaults to "default".
#externalNodeNamespace: default
# The policyBypassRules describes the traffic that is expected to bypass NetworkPolicy rules.
# Each rule contains the following four attributes:
# direction (ingress|egress), protocol(tcp/udp/icmp/ip), remote CIDR, dst port (ICMP doesn't require).
# Here is an example:
# - direction: ingress
# protocol: tcp
# cidr: 1.1.1.1/32
# port: 22
# It is used only when NodeType is externalNode.
#policyBypassRules: []
# The path to access the kubeconfig file used in the connection to K8s APIServer. The file contains the K8s
# APIServer endpoint and the token of ServiceAccount required in the connection.
clientConnection:
kubeconfig: antrea-agent.kubeconfig
# The path to access the kubeconfig file used in the connection to Antrea Controller. The file contains the
# antrea-controller APIServer endpoint and the token of ServiceAccount required in the connection.
antreaClientConnection:
kubeconfig: antrea-agent.antrea.kubeconfig